implemented conditional cookie only when user is logged in, fixes #274

xronos-ch · Jan 15, 2025 · f736c03 · f736c03
1 parent 3e8c3f5
commit f736c03
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -3,6 +3,11 @@ class ApplicationController < ActionController::Base
   before_action :set_paper_trail_whodunnit
 
   before_action :http_basic_authenticate
+
+  after_action lambda {
+    cookies.delete(Rails.application.config.session_options[:key]) unless user_signed_in?
+    request.session_options[:skip] = !(user_signed_in? || devise_controller?)
+  }
 
   protect_from_forgery with: :null_session, :if => Proc.new { |c| c.request.format == 'application/json' }